Systems and methods for distributed assignment of task identifiers

ABSTRACT

A system and method are provided. The method includes a base station receiving a plurality of tasks from a plurality of user devices, each of the plurality of tasks involving a respective one of multiple sets of jobs. The method further includes a load balancer generating task allocations for the plurality of tasks, responsive to receiving the plurality of tasks from the base station. A unique task ID is generated for and assigned to each task, from which a task allocation is generated by the load balancer. The task allocations for the plurality of tasks are generated such that all the jobs received from a respective same one of the plurality of user devices are assigned to a same one of the worker entities in the set. The method also includes a set of worker entities performing the plurality of tasks in accordance with the task allocations.

RELATED APPLICATION INFORMATION

This application claims priority to 62/250,054 filed on Nov. 3, 2015,incorporated herein by reference in its entirety.

BACKGROUND

Technical Field

The present invention relates to load balancing and more particularlyload balancing on networks.

Description of the Related Art

Load balancing arises in different context, where a task may beperformed by multiple workers and the load balancer assigns task to eachworker such that their load is balanced. If all the workers have thesame capability, as is usually the case, load balancing refers touniform or almost uniform distribution of the task to the workers. Insome other cases, for example, proportional distribution of the load isdesirable or the load distribution could be a function of the worker'scapabilities. A load balancer is the entity which performs this task.

SUMMARY

According to an aspect of the present principles, a method is providedthat load balances tasks on a network. The method includes a basestation receiving a plurality of tasks from a plurality of user devices,each of the plurality of tasks involving a respective one of multiplesets of jobs. The method further includes a load balancer generatingtask allocations for the plurality of tasks, responsive to receiving theplurality of tasks from the base station. A unique task ID is generatedfor and assigned to each task, from which a task allocation is generatedby the load balancer. The task allocations for the plurality of tasksare generated such that all the jobs received from a respective same oneof the plurality of user devices are assigned to a same one of theworker entities in the set. The method also includes a set of workerentities performing the plurality of tasks in accordance with the taskallocations.

According to another aspect of the present principles, a system isprovided. The system includes a base station for receiving a pluralityof tasks from a plurality of user devices, each of the plurality oftasks involving a respective one of multiple sets of jobs. The systemfurther includes a set of worker entities for performing the pluralityof tasks. The system also includes a load balancer for receiving theplurality of tasks from the base station and allocating the plurality oftasks amongst the set of worker entities such that all the jobs receivedfrom a respective same one of the plurality of user devices is assignedto a same one of the worker entities in the set. A unique task ID isgenerated for and assigned to each of the plurality of tasks, from whicha task allocation is generated by the load balancer.

These and other features and advantages will become apparent from thefollowing detailed description of illustrative embodiments thereof,which is to be read in connection with the accompanying drawings.

BRIEF DESCRIPTION OF DRAWINGS

The disclosure will provide details in the following description ofpreferred embodiments with reference to the following figures wherein:

FIG. 1 is a block diagram illustrating a high-level system for anetwork, in accordance with an embodiment of the present invention;

FIG. 2 is a block diagram illustrating a system for cell phonesconnected in a network, in accordance with an embodiment of the presentinvention;

FIG. 3 is a flow diagram illustrating a method for load balancing in anetwork, in accordance with an embodiment of the present invention; and

FIG. 4 is a flow diagram illustrating a method for randomization whileload balancing in a network, in accordance with an embodiment of thepresent invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

In accordance with the present invention, systems and methods areprovided for load balancing over a network.

There are a number of properties that might be desirable for a serverload balancer (SLB) in different scenarios. One property is that a taskmight have a different referral in time, i.e., a new task orreactivation of an old task might happen and all the referrals need tobe assigned to the same worker or worker entity (MMP), which can be anentire server and any subset of a server including a single thread or avirtual machine installation. Another property is that the pool ofworkers may change over time. This means that workers may retire, gooffline for a period before coming back online, or be added to the poolof workers.

Also, in some scenarios it may be desirable for a task to have a backupworker (or multiple backup workers) on standby, which means that thebackup worker knows the task and can complete the task when needed.

Each task has an identification (ID) that is valid for a length of atime and then it may change. However, the same task or its referralsshould always go to the same worker (or possibly one or more backupworkers based on one or more requirements) that is currently assigned tohandle the task. A change in task ID might happen for security orprivacy reasons. Hence, it is desirable to have a task ID that israndom, i.e., a task ID that makes it not possible to derive a validtask ID from another task ID or collection of task IDs.

A task may include multiple threads or jobs. All those jobs shouldusually be assigned to the same worker. Each job may have a differentID. In some scenarios, a job may have a fixed ID which does not changeover time while another job from the same user may have an ID that isrequired to change over time. It is important for the load balancer todirect all the jobs from the same user to the same worker.

In one embodiment, the way to deploy a load balancer may be to store atable of the job IDs and the workers that have been assigned to them.This means the size of the table should be large enough to accommodatethe entire possible pool of tasks and jobs. Moreover, for each new taskor job request within a task, the load balancer has to search the poolof active tasks and users to find out where to direct the new request.

In another embodiment, the load balancer may not need to store a tableor perform a search to find out where to direct the task. Let usconsider a scenario where a pool of worker entities are serving multipleserver load balancers (SLB1 or SLB2). Either of SLB1 or SLB2 may bereferred to as SLB. SLB receives an attach request from a set of usersthat we refer to as enhanced node base stations (eNBs) which in turn areserving a number of users (UEs).

The attach request is at least partly handled by the SLB. The SLB uses ahaphazard randomization function (HAPH) to randomize the value of acounter that is appended to an ID of the SLB. For example, each SLB mayuse a 4 bit ID and a 20 bit counter which can count more than a millionnumbers. The whole 24 bits are fed into the HAPH as well as a random keythat is kept fixed over time. The output of the HAPH is a random number,having a size of 24 bits, that is uniquely determined from the input.This number (pTEID) is an example of a task ID that is assigned and keptfixed over time. In a case that the task ID needs to be changed, we canadd extra bits, e.g., 8 bits to the original 24 bits of the pTEID andthen use the HAPH algorithm with a fixed key to generate a new task ID(GUTI), having a size of 32 bits. By changing the extra 8 bits in theinput, either in a random manner or sequentially, it is possible tochange GUTI over time.

It is clear that by generating a GUTI based on a pTEID, two propertiesare simultaneously satisfied: (1) Given the fact that the HAPH algorithmgenerates an output that is very different from the inputs, even whentwo similar input sequences are fed into the HAPH, therefore the pTEIDlooks very random even though we are using a timer and the ID of the SLBas inputs into the HAPH function; (2) Two different GUTIs that aregenerated based on the same pTEID are not only random and quitedifferent, but also they can be traced back to the users that the taskis assigned to and therefore the task would be sent to the proper workerby the SLB. The reason is that the GUTI can be de-randomized by usingthe inverse of the HAPH function and then the pTEID is extracted.

Now suppose another task ID (S1AP), also needs to be generated forusers. The S1AP can be generated the same way that the GUTI isgenerated, e.g., by adding extra bits (or not adding extra bits) andthen using the HAPH function with a given key (e.g., different from thatof GUTI) with the output of the HAPH function being the S1AP. The S1APcould be a new type of task ID that belongs to the same user as that ofthe pTEID but it is significantly different from the other types of taskID's such as the pTEID and the GUTI. This new ID may or may not changeover time.

Referring now in detail to the figures in which like numerals representthe same or similar elements and initially to FIG. 1, a high-levelsystem for load balancing over a network 100 is illustratively depictedin accordance with one embodiment of the present invention. The network100 includes more than one user device 120. In one embodiment, the userdevice 120 may include a mobile device, a cell phone, a personalcomputer, a data center or any combination of these and othernetworkable items.

The user device 120 may include one or more processors 102. Theprocessor 102 could process sensor or input data of the user device 120.The processor 102 could process the data received by the user device 120from another user device 120. The user device 120 may include one ormore displays 112. The user device 120 may include one or more inputdevices 106. The input device could be used to accept user commands ordata into the user device 102.

The user device 120 may include one or more sensors 110 for makingdifferent measurements. The measurements may include gas concentration,pressure, temperature, wind speed, wind direction, speed, acceleration,etc. In an embodiment, the sensor 110 may include one or more of thefollowing: an optical sensor; an infrared (IR) sensor; a camera; anaccelerometer or other motion sensor; an electrochemical gas sensor orother gas sensor; a thermocouple; a thermistor; a resistancethermometer; a silicon bandgap temperature sensor or other temperaturesensor; and so forth.

The user device 120 may include a transceiver 104. In one embodiment,the transceiver 104 may be coupled to a global position system (GPS) todetermine a position of the user device 120 relative to other userdevices 120 on a common coordinate system. The transceiver 104 may beequipped to communicate with a cellular network system. In this way, theuser device 120 can communicate with anything that is connected to thecellular network, such as, e.g., but not limited to, the Internet. Inone embodiment, the cellular network system may be the communicationlink between the user devices 120. In another embodiment, the cellularnetwork system may be the communication link 180 between the user device120 and the base station 170 of the cellular network. The transceiver104 may include a WIFI or other radio system, a local area network, awide area network, and so forth.

The user device 120 may include memory storage 108. The memory storage108 may include solid state or soft storage and work in conjunction withother systems on the user device 120 to record data, run algorithms orprograms, control the user device, etc. The memory storage 108 mayinclude a Read Only Memory (ROM), random access memory (RAM), or anyother type of memory useful for the present applications.

The network 100 includes at least one base station 170. The base station170 may include one or more processors 172. The processor 172 couldprocess sensor or input data from a user device 120. The processor 172could process the data received by the base station 170 from anotherbase station 170.

The base station 170 may include memory storage 176. The memory storage176 may include solid state or soft storage and work in conjunction withother systems on the base station 170 to record data, run algorithms orprograms, control the base station 170, etc. The memory storage 176 mayinclude a Read Only Memory (ROM), random access memory (RAM), or anyother type of memory useful for the present applications.

The base station 170 may include a transceiver 174. In one embodiment,the transceiver 174 may be equipped to communicate with a cellularnetwork system. In this way, the base station 170 can communicate withanything that is connected to the cellular network, such as, e.g., butnot limited to, the Internet. In one embodiment, the cellular networksystem may be the communication link 185 between the base station 170and the load balancer 140 of the cellular network. The transceiver 174may include a WIFI or other radio system, a local area network, a widearea network, and so forth.

The network 100 includes at least one load balancer 140. The loadbalancer 140 may include one or more processors 142. The processor 142could process sensor or input data from a user device 120. The processor142 could process the data received by the load balancer 140 fromanother load balancer 140.

The load balancer 140 may include memory storage 146. The memory storage146 may include solid state or soft storage and work in conjunction withother systems on the load balancer 140 to record data, run algorithms orprograms, control the load balancer 140, etc. The memory storage 146 mayinclude a Read Only Memory (ROM), random access memory (RAM), or anyother type of memory useful for the present applications. In oneembodiment, the memory storage 146 make include task ID generationsoftware 148. In another embodiment, the memory storage 146 may includehaphazard randomization software 149.

The load balancer 140 may include a transceiver 144. In one embodiment,the transceiver 144 may be equipped to communicate with a cellularnetwork system. In this way, the load balancer 140 can communicate withanything that is connected to the cellular network, such as, e.g., butnot limited to, the Internet. In one embodiment, the cellular networksystem may be the communication link 185 between the base station 170and the load balancer 140 of the cellular network. The transceiver 144may include a WIFI or other radio system, a local area network, a widearea network, and so forth.

The network 100 includes more than one worker 150. In one embodiment,the worker 150 may include a mobile device, a cell phone, a personalcomputer, a data center or any combination of these and othernetworkable items. In another embodiment, the worker 150 may include avirtual machine or a thread on a processor on a computer system orserver.

The worker 150 may include one or more processors 152. The processor 152could process sensor or input data of the worker 150. The processor 152could process the data received by the worker 150 from a load balancer140. The worker 150 may include one or more displays 160. The worker 150may include one or more input device 156. The input device could be usedto accept user commands or data into the worker 150.

The worker 150 may include a transceiver 154. In one embodiment, thetransceiver 104 may be equipped to communicate with a cellular networksystem. In this way, the worker 150 can communicate with anything thatis connected to the cellular network, such as, e.g., but not limited to,the Internet. In one embodiment, the cellular network system may be thecommunication link between the workers 150. In another embodiment, thecellular network system may be the communication link 190 between theworker 150 and the load balancer 140 of the cellular network. Thetransceiver 104 may include a WIFI or other radio system, a local areanetwork, a wide area network, and so forth.

The worker 150 may include memory storage 158. The memory storage 158may include solid state or soft storage and work in conjunction withother systems on the worker 150 to record data, run algorithms orprograms, control the user device, etc. The memory storage 158 mayinclude a Read Only Memory (ROM), random access memory (RAM), or anyother type of memory useful for the present applications. In oneembodiment, the memory storage 158 make include task ID generationsoftware. In another embodiment, the memory storage 158 may includehaphazard randomization software.

In yet another embodiment, the SLB may not be capable of performing anypart of the attach procedure when it receives the attach message,therefore it forwards the attach message to one of the MMPs in order toassign a pTEID and a GUTI to the user as a part of the attachmentprocedure. The main problem in this case is related to distributednature of processing the attachment procedure. One of the issues is theway to ensure that the uniqueness of the task IDs (for each type) thatare assigned to the users so that there is no conflict with the otheruser's task IDs. The other issue is that after a worker generates andassigns the task IDs to a user, the next time that the user sends arequest with this assigned task ID, the request will be handled androuted by the SLB based on the policy of the SLB, so the request may ormay not be routed to the worker that has just created these task ID's asa part of the attachment procedure. Therefore, the rest of theattachment procedure, including anymore generating of IDs and recordingof the status of the user, should be performed by the worker who willreceive the task from the SLB the next time that the user initiates atask or request. The same worker may complete the attachment procedureand then release this user to the appropriate worker by moving itsstatus to the new worker. It is of course important that the task IDsgenerated by the worker should satisfy the property so they can berouted to a unique worker by the SLB.

In this scenario different strategies may be used by the workers. Oneapproach is to use a worker's ID as a basis to differentiate between thegenerated task IDs by different workers. The worker's ID could be a partof the task ID, or the worker can feed the ID appended with a fixednumber of bits, generated randomly or sequentially by a counter, to theHAPH function of appropriate size and use a key that is shared among allthe workers and the SLB. This way, some properties are simultaneouslysatisfied: First is that the assigned task IDs would be random andcannot be traced back in time. Second is the confidentiality of task IDsby not revealing what worker generated it, as well as not allowing athird party to know if two task IDs (even the same type when the task IDchanges over time) belong to the same user. Third is the fact that thetask ID would take a uniformly random value over the range of possibletask IDs. The third property is used for example in some load balancingalgorithms and it also allows for fair distribution of the tasks betweenthe workers.

In one embodiment, the generation of different types of task IDs by theworker, similar to previous cases, use the HAPH function to randomizethe value of a counter that is appended to an ID of the worker. Forexample, each worker may use an 8 bit ID and a 16 bit counter which canallow generation of up to 65536 task IDs for users that are currentlyactive in the system. The HAPH function is used to randomize these 24bits as an input using a key that is fixed and known to all the workersand the SLBs. The output of the HAPH function is a random number withsize of 24 bits that is uniquely determined from the input. This numberis an example of a task ID (pTEID) that is assigned and kept fixed overtime. In case that the task ID needs to be changed, we can add extrabits, e.g., 8 bits to the original 24 bits of the pTEID and then use theHAPH algorithm with a fixed key to generate a new task ID (GUTI), havinga size of 32 bits. By changing the extra 8 bits of the input, randomlyor sequentially, it is possible to change the GUTI over time. The samecan also be done to generate another task ID (TEID) that is 32 bits byusing the HAPH algorithm but with a different key. The key forgenerating each type of these task IDs, e.g., TEID, pTEID, or GUIT wouldbe different but they are fixed across the whole system of workers andSLBs.

Whether or not, the HAPH algorithm is used in the generation of the taskIDs, all the generated task IDs have to be kept in a table by theworker. This table is used every time that the worker wants to generatea new task ID in an attachment procedure to ensure that the new userreceives a different task ID from the other users in the system. Thistable has to be modified and updated when a new user is successfullyattached, in which case the worker who has received the attach messagewould be aware of it. However, if a user receives its task ID from aworker but then releases the user to another worker, the worker which ishandling this user should forward the detach message to the first workerso that the first worker can free up the task ID of the detached userfrom its table.

Referring to FIG. 2, a network system 200 is illustratively depicted, inaccordance with an embodiment of the present invention. The networksystem 200 may include a cell phone 210. The cell phone 210 may senddata and information over a communication link 220. The communicationslink 220 may include a cellular based or a WIFI based link. The cellphone 210 is communicating with a base station 170. The information ordata sent from the cell phone 210 to the base station 170 is transmittedby another communication link 240 to a load balancer 140. The loadbalancer 140 routes the information or data over the final communicationlink 250 to a first worker 260. The first worker 260 forwards theinformation or data over a worker communication link 265 to a secondworker 270. The second worker 270 processes the information or data fromthe cell phone 210.

Referring to FIG. 3, a flow chart for a method 300 of load balancing isillustratively shown, in accordance with an embodiment of the presentinvention. It is to be appreciated that the steps of method 300 areperformed on a network 100. In block 310, receive, by a base station, aplurality of tasks from a plurality of user devices, each of theplurality of tasks involving a respective one of multiple sets of jobs.In block 320, generate, by a load balancer responsive to receiving theplurality of tasks from the base station, task allocations for theplurality of tasks. A unique task ID is generated for and assigned toeach of the plurality of tasks, from which a task allocation isgenerated by the load balancer. The task allocations for the pluralityof tasks are generated such that all the jobs received from a respectivesame one of the plurality of user devices are assigned to a same one ofthe worker entities in the set. In block 330, perform, by a set ofworker entities, the plurality of tasks in accordance with the taskallocations.

In one embodiment, the attach message may be forwarded by the SLB to arandom worker, there may be other strategies that ensure the uniquenessof the distributed processing of tasks by the workers that does notdepend on using the worker's ID. Here, the distinction between the taskIDs generated for different users come from the fact that each worker isaware of the SLBs strategy and knows the span of all possible task IDsthat will be routed to it. Furthermore, the worker has the status of allthe current users in a table stored in the memory. Hence, when a newattach request is received from a user through the SLB, the worker justpicks a task ID in its span that is not currently assigned to a user inits table. This worker can complete the attach procedure by choosing theright task ID in its span to ensure that future tasks from this userwould be received by this worker.

In another embodiment, different types of task IDs are generated by theworker. We use the HAPH function as it was the case in previous examplebut in slightly different way. The key idea in this approach is thateach worker has a particular span for the task IDs of each type. Thespan for different types of task IDs may be tied together by a function.For example, a task ID may be randomized using HAPH algorithm or anencryption algorithm (or hash algorithm) with a particular key and thevalue of the function (HASH) that lie in different intervals areassociated with particular workers. This approach is especiallybeneficial when multiple task IDs that are supposed to go to the sameworker are all generated based on a single shared token such as pTEID.For example, let us use the same relation as described before betweenpTEID, TEID and GUTI as follows: We assume pTEID is the shared token ofsize 24 bits and the HAPH function is used to randomize this 24 bits asan input using a key that is fixed and known to all workers and SLBs togenerate the HASH value. The GUTI, with size of 32 bits, is generated byadding extra bits, e.g., 8 bits to the original 24 bits of the pTEID andthen use the HAPH algorithm with a fixed key. By changing the extra 8bits in the input, randomly or sequentially, it is possible to changethe GUTI over time. The same can also be done to generate the TEID, thatis 32 bits, by using the HAPH algorithm but with a different key.

Using the mentioned relation between task IDs that are all generatedfrom the same root or token, it is possible to define the span for eachworker by using a single value that is the token itself or a function ofit. Let us assume the HAPH function is used to generate the HASH. Afterthe attach request is sent to a worker, the worker generates a valuewithin its span that is a new HASH value and it does not exist in thelist of the users that are attached to this worker. This HASH value canbe de-randomized using the inverse of HAPH function using the same keyin order to generate pTEID. This pTEID is then used to generate all therequired types of task IDs.

In the scenario of assigning the pTEID by the worker, it is possible todirectly use the pTEID as the HASH value. The reason is that the pTEIDis chosen randomly from the available span for the worker, i.e., if ithas not been already assigned to a user. Since the pTEID is alreadyrandomized, there is no need to randomize it again using, e.g., HAPHfunction or inverse of HAPH function. Nonetheless, if the security ofthe system could be compromised, it is still recommended to use aninverse HAPH function to get the pTEID from the HASH value that ispicked from the available span of the worker.

In another embodiment, the attach message may be forwarded by the SLB toone of the workers, e.g., picked at random, as we discussed in previoussection. As long as the task ID assignment is handled by the workers,e.g., MMPs, or by the load balancer, it is always possible to choosethem in such a way that they satisfy certain conditions. For example,the distribution of the task IDs could be uniform over a certain span,or we can ensure that the task ID or part of the task ID or a functionof the task ID (e.g., HASH value) reside in a certain set or span.

In the previous case, the distinction between the task IDs generated fordifferent users were based on generating a pTEID in the span of theworker that receives the attach message. However, the first message (theattach request contains a task ID or the user ID (IMSI)) and in somescenarios this ID may be used by some entities to contact a worker inthe pool. As discussed before, all the tasks belonging to the same useror related to the same user should be handled by the same worker and theSLB has to make sure that they go to the same worker. After theattachment, the subsequent messages from some different entities, forexample the eNB and S-Gateway, are using the assigned task IDs generatedby the worker, for example the GUTI and the TEID, respectively. However,some entities, may continue to use the IMSI.

Since all generated task IDs of different types are based on uniquetokens such as the pTEID, and hence they can be tracked back to a singleworker, the IMSI is not generated by the worker and hence does notautomatically have this feature. Moreover, in some scenarios, the pTEIDhas to be uniquely provided by the worker in a distributed manner. TheIMSI and pTEID are two separate identifiers that need to be somehowlinked together. The size of the pTEID and the IMSI might be different.For example the pTEID might be 24 bits while the IMSI could be 64 bits.This means that the HASH function or randomization function for thepTEID and the IMSI could be different. The HASH value generated for thepurpose of load balancing has to be uniform for both the pTEID and theIMSI. Since the pTEID is generated by the system it can directly begenerated to satisfy certain condition, for example, to be uniformwithin the span, but the IMSI does not automatically have this conditionand in some scenarios has to be hashed or randomized in order to makethe HASH value uniform over the HASH ring or the span of HASH values.

A solution to satisfy the above condition is to have two separatehashing or randomization schemes for treating the pTEID and the IMSI.Both hash rings are slotted and there is a one to one correspondencebetween the slots in two hash ring. By using this slotted hash ring, theattach request that is based on the IMSI may be forwarded to the workerwhose span contains the slot in which the HASH value of the IMSI in theattach request lies. Of course, the subsequent messages or tasks thatuse the IMSI as ID would go to this slot all the time, and depending onwhose worker is responsible for this slot at a time, the same workerwill receive the messages or tasks.

During the process of the attachment request, the worker, that isprocessing the attach request and is the owner of the corresponding slotin HASH ring, generates a pTEID such that the HASH value of the pTEID isin the corresponding HASH ring belonging to the slot that is thecorresponding slot for the HASH values of the IMSI. This pTEID isgenerated in such a way that the corresponding HASH value is within theHASH slot and has not been assigned earlier.

One issue with this approach is that the number of IMSI with a HASHvalue within a HASH slot might be different (for example higher) fromthe number of pTEID with a hash value in the corresponding HASH slot.Hence, depending on the size of the slots, a pTEID might not beavailable in a slot when a new attach request is received. However, theprobability of this is very low unless the system is operating close toits limit in terms of the total number of pTEIDs that can be assigned.

In order to avoid storage of a routing table, the load balancer onlyrelies on a table of HASH value intervals that define the span of HASHvalues for all workers. In order to route a task correctly within itssession with a particular worker, task IDs will be used in the followingmanner. First, depending on the type of the task ID, the task ID will bede-randomized using the correct key. Next, the pTEID will be extractedand using the randomization algorithm it is encoded again into the HASHvalue. Based on the table of HASH value intervals, the task is routed tothe worker responsible for this task ID.

In another embodiment, the SLB may pick a random number (HASH value),based on the message identifier (GUTI, TEID, or S1AP). The random numberis in a specified range (HASH ring) and the HASH value is uniform,meaning that even if identifiers are sequential, the corresponding HASHvalue generated by any function (it might be a hash function, or arandomization function as proposed) is uniformly distributed in the HASHring.

In yet another embodiment, the SLB may include a table which definesdifferent intervals of HASH value to be assigned to different workersand redirect the message to the worker when the HASH value lies in itsinterval.

In one embodiment, each user may have a fixed pTEID and all messageidentifiers will be generated from the user's pTEID. The pTEID may be 24bits since the GUTI is 32 bits and we require it to change in time andreserve 8 bits to be able to generate 256 possible GUTIs. GUTI may begenerated as HAPH (pTEID+(8 extra bits), key1) where key1 is the key andHAPH is a randomization function. TIED and SLAP may also be generatedsimilarly, e.g., HAPH (pTEID+(8 extra bits), key2) where key 2 isdifferent from key1. When the security of TEID is not an issue, we canignore randomizing and directly using “pTEID+(8 extra bits)” as TEID.

In one embodiment, the SLB may generate a random HASH value. The SLB mayuse the HASH value to find the corresponding MMP based on a table. TheMMP may know its interval in HASH ring. The MMP may pick a uniformlyrandom value in this interval as HASH value that has not been used forany other MMP in the range. The HASH value may be used directly aspTEID. The TEID, the GUTI, and the S1AP may all be generated based onthis pTEID. The user status may be saved.

In another embodiment, the SLB may randomly select an MMP and forwardattach request to this MMP. Each MMP has a unique ID. The MMP uses itsunique id (say 8 bits) and an extra 16 bits to feed 24 bits into HAPHfunction with a key (GenKey). The originating MMP has a table of allpreviously assigned pTEID by this MMP. The output of HAPH function ischecked against this table. The HAPH function is repeated until a valueis generated that is not in the table. The pTEID can be used as hashvalue directly or the value of pTEID can be hashed with a hash function.The TEID, the GUTI, and the S1AP are all generated based on this pTEID.A status is also generated. The originating MMP knows the interval ofall MMPs in the HASH ring. Based on the HASH value, the originating MMPforwards the status to the corresponding MMP. The corresponding MMP hasto let the originating MMP, who generated the pTEID, know when the useris detached so that the originating MMP can free up the pTEID value inits table.

In yet another embodiment, the SLB partially addresses the attachrequest by generating the pTEID. Each SLB has a unique ID. The SLB usesits unique id (say 4 bits) and an extra 20 bits to feed 24 bits intoHAPH function with a key (GenKey). The SLB has a table of all previouslyassigned pTEID by this SLB. The output of HAPH function is checkedagainst this table. The HAPH function is repeated until a value isgenerated that is not in the table. The pTEID can be used as hash valuedirectly or the value of pTEID can be hashed with a hash function. TheTEID, the GUTI, and the S1AP are all generated based on this pTEID. Astatus is also generated. The SLB knows the interval of all MMPs in theHASH ring. Based on the HASH value, the SLB forwards the status to thecorresponding MMP. The SLB has to update the pTEID table when the userdetaches.

In one embodiment, the consistent hashing concept is used with slightmodification. When a request has to be forwarded based on an ID (IDcould be any part of the incoming message) the consistent hashinggenerates a uniformly random number (called HASH value) based on thisID.

If this ID is generated elsewhere, the use of the hash function isvital. If the ID is generated for the first time by the same systemwhere the load balancer is involved, the ID itself can be generated suchthat it satisfies the uniformly random property and hence it can bedirectly used as HASH value. However, if the size of the ID it toolarge, it is desirable to use a hash function (this hash function is notreversible) to generate a smaller value as hash.

The generation of uniformly random number may involve the use of a hashfunction or a HAPH function. Therefore, even though the SLB or the MMPgenerates the ID, in order to make sure the uniform random property, wemay still use the output of a hash function. This is related to aconcept called “randomness extractor”, that is often simply called an“extractor”, which is a function such that when it is being applied to aweakly random sequence or even a deterministic sequence, together with ashort value, it generates a highly random output that appear independentfrom the source and is uniformly distributed.

The HAPH function or randomization algorithm is a function thatsatisfies the following properties: (1) It provides a unique andreversible B-bits output for every input of size B-bits (it is aone-to-one function). (2) The function is easy to compute. (3) Thereverse function is also easy to compute if the key is known. (4) Thefunction could be highly nonlinear to make the key hard to guess by anadversary. The complexity of finding the key should be of the order of2̂C evaluation of the randomization function even if the function and itsalgorithm are completely known and an adversary has access to multiplepairs of input and outputs. Here, the key is a binary number of size Cbits and usually B=C.

In some cases, a good randomization function with an input of 24 bits isneeded. In general, an approach to design a randomization function mayinclude some one way function, e.g., a function that has larger inputset than the output set. An example of such function is a function thattakes for example b bits and spits out q bits where b>q. However, inorder to have reversible randomization function, one needs to ensurethat the input can be derived in polynomial time from the output. A wayto ensure this is to have round functions that are invertible and usemultiple rounds to acquire enough randomization.

Given that a round function generates a one to one correspondencebetween its output and input, the role of one way function would be togenerate more confusion between output and input. A very strong way todesign a round function is to find a way that a single bit change in theinput affects as much bits in the output as possible. To this end, it isdesirable to have a round function where not only a single bit but alsoany given sub-block of the input cannot be found directly from onesub-block of the output and the key.

In one embodiment, the randomization function may have an input blockconsisting of 24 bits that are divided into three sub-blocks or bytes.Usually there is a one way function of the key that is applied to theinput of the rounds. This operation could be as simple as XOR operationwith part of the key or in more involved function like modulo operationsuch as multiplication, addition, or division. This way the input bitsare already masked with the key. After the one way operation on theinput, there are two one way functions U and V that take a byte and akey of length for example 32 bits and output 8 bits. The output of theone way functions is then used to further mask the input sub-blocks. Atthe output, the order of the sub-blocks is changed before going to thenext round such that the same operation does not apply to the same byteorders in two consecutive rounds.

In another embodiment, the randomization function may have the inputbits masked through a reversible function and then fed into one wayfunctions and masked again. This is a particular important step if onlya limited number of rounds is used. For example, if only one round isused, without masking the input and the output to the one way functionV, the one way function V would be readily available if we have accessto one input and output pair. The reason is that by doing XOR on thefirst sub-block of the input and the output we have the output of theone way function of V. Also, performing XOR on the next two sub-block ofthe output gives access to the input of the function V.

In general, the idea of multiple (or possibly all) bits in the outputbeing affected by a single bit change of the input or the key impliesthat no input sub-block can be obtained solely based on the some outputsub-blocks and knowledge of the key unless we use the entire outputsub-block. We refer to this idea as “total confusion”. This can bepossibly achieved through some one-to-one functions as well. Forexample, modulo multiplication or multiplication in finite fields by afull rank matrix has the property that every input bit can possiblyaffect all the output bits. However, if a one-way function is going tobe used, the idea of total confusion has to be implemented in a verydelicate way. In fact the idea of total confusion somehow works againstusing the one way functions in a randomization function. Since the oneway function can be computed only if its input is fully known,therefore, in a decryption process, aside from the knowledge of the keywe have to make sure that the input to the one way function can befound. This means that this input has to be computed based on the outputof this round. On the other hand in the encryption process, this inputto the one way function was found based on the input of the round. Thismeans that there would be a function of the output sub-blocks that isidentical to a function of the input sub-blocks. We call such pair offunctions, “literal function” for this round function.

Although a randomization function that includes one way functions canstill have “total confusion” properties, but note that the existence ofa literal function for such a randomization function means that there isa relation between the input bits of a round that can be found through afunction of output bits of the same round. Nonetheless, by changing theorder of the sub-blocks (or possibly permuting the bits) and using asecond round, the relation between the input bits and the output bits ofthe second round would not be trivial and this could be madeexhaustively hard in the order of the cardinality of the key space.

In yet another embodiment, the randomization function may havemultiplication and division modulo 257, which is a prime number, beforeand after the one way functions. We do not include zero as an input andoutput, and consider only 1 through 257 numbers. The actual value of thebyte in the range 1-256 represent the number 1 through 256 and the valuezero for the byte represents 257. This means that when the byte has thevalue 0x00 it is interpreted as 257 in the multiplication and when theresult of the multiplication of two numbers is 257 it is stored as 0x00in the output. The same things hold for the division.

Since the division and multiplication of two bytes possibly affect theentire byte, the relation between the input and output bits does notreveal a relation in bit level, and it is rather in byte level. On theother hand using an XOR or another one way function at the beginning ofthe round makes it impossible to find out a relation between the inputbits solely based on the output even if a single round is used.

If there is no strong requirement on the encryption strength of thealgorithm and the algorithm is solely used for the purpose ofrandomization with moderate or low encryption strength, a single roundof the above algorithm may suffice to achieve good randomness in theoutput.

Referring to FIG. 4, a flow chart for a method 400 for randomizationwhile load balancing in network system 100 is illustratively shown, inaccordance with an embodiment of the present invention. It is to beappreciated that the steps of method 400 are performed on the network100. In block 410, bind an input sequence into a first segment, a secondsegment, and a third segment. In block 420, form a first new segment byperforming (i) an operation with the second segment and the thirdsegment, (ii) a first one way function on a key and an output from theoperation, and (iii) the operation with the first segment and an outputfrom the one way function. In block 430, form a second new segment byperforming (i) a second one way function with the first segment and thekey, and (ii) the operation with the second segment and output of thesecond one way function. In block 440, form a third new segment byperforming (i) the second one way function with the third segment andthe key, and (ii) the operation with the second segment and output ofthe second one way function. In block 450, form an output sequence bycombining the first new segment, the second new segment, and the thirdnew segment.

The execution time of randomization function can be greatly enhanced byusing proper techniques in implementing different operation. In generalbit XOR, AND, OR, ADD (addition), SUB (subtraction) and MOV (move)operation are very fast (1 CPU cycle in registers and 1+memory accesscycles if one operand is in memory).

Modulo multiplication and modulo division can be performed without needto do multiplication directly. Multiplication is usually an expensiveoperation in terms of CPU cycles (in the order of 10s or even 100s ofCPU cycles). The idea is to pick a value in the field that is primevalue with respect to the size of the filed. For example 2 is prime withrespect to 257 and 1+x is prime with respect to X̂8+1. Hence, we canwrite all the elements of the filed in terms of this prime value in theform of ĝk(v) where v is an element of the filed, g is the prime value,and k(v) is the exponent of g for a given v such that v=ĝk(v). Here,k(v) is called the primitive root of v.

In order to do modulo multiplication of v and u, it is sufficient tofind k(v) and k(u) by using a look up table and then find the inverse ofk(v)+k(u) by using the inverse table which is u·v where “·” representsmodulo multiplication.

In order to do modulo division of v by u, we find k(v) and k(u) by usinga look up table and then find the inverse of k(v)−k(u) by using theinverse table which is u/v where “/” represents modulo division. We notethat in case that the above number, i.e., k(v)−k(u) is negative we canadd 256 to it since any number to the power of 256 modulo 257 would beequal to 1. This is equivalent to multiplying the result by one.However, this would generate a number that is in the range of 0 to 256which means that we can find the corresponding result of the modulodivision in terms of an integer number. Both modulo multiplication andmodulo division need only two MOV and one ADD operations.

Some operations may be more involved, however, they can be stillperformed in very efficient manner. A bit permutation is an example ofsuch function. Let us consider a bit permutation of one word thatconsists of 4 bytes. In order to perform any (but fixed) permutation, itis sufficient to generate 4 tables with 2̂8=256 entries where each entryis a word (4 bytes). For a given input word, each of the four bytespoint to 4 locations in their corresponding table. The result of thepermutation would be the OR operation of these 4 words. The table canalso be designed in such a way that the permutation would be the ANDoperation of these 4 words. The permutation operation requires one MOVand three OR operations.

Embodiments may include a computer program product accessible from acomputer-usable or computer-readable medium providing program code foruse by or in connection with a computer or any instruction executionsystem. A computer-usable or computer readable medium may include anyapparatus that stores, communicates, propagates, or transports theprogram for use by or in connection with the instruction executionsystem, apparatus, or device. The medium can be magnetic, optical,electronic, electromagnetic, infrared, or semiconductor system (orapparatus or device) or a propagation medium. The medium may include acomputer-readable storage medium such as a semiconductor or solid statememory, magnetic tape, a removable computer diskette, a random accessmemory (RAM), a read-only memory (ROM), a rigid magnetic disk and anoptical disk, etc.

Each computer program may be tangibly stored in a machine-readablestorage media or device (e.g., program memory or magnetic disk) readableby a general or special purpose programmable computer, for configuringand controlling operation of a computer when the storage media or deviceis read by the computer to perform the procedures described herein. Theinventive system may also be considered to be embodied in acomputer-readable storage medium, configured with a computer program,where the storage medium so configured causes a computer to operate in aspecific and predefined manner to perform the functions describedherein.

A data processing system suitable for storing and/or executing programcode may include at least one processor coupled directly or indirectlyto memory elements through a system bus. The memory elements can includelocal memory employed during actual execution of the program code, bulkstorage, and cache memories which provide temporary storage of at leastsome program code to reduce the number of times code is retrieved frombulk storage during execution. Input/output or I/O devices (includingbut not limited to keyboards, displays, pointing devices, etc.) may becoupled to the system either directly or through intervening I/Ocontrollers.

Network adapters may also be coupled to the system to enable the dataprocessing system to become coupled to other data processing systems orremote printers or storage devices through intervening private or publicnetworks. Modems, cable modem and Ethernet cards are just a few of thecurrently available types of network adapters.

The foregoing is to be understood as being in every respect illustrativeand exemplary, but not restrictive, and the scope of the inventiondisclosed herein is not to be determined from the Detailed Description,but rather from the claims as interpreted according to the full breadthpermitted by the patent laws. It is to be understood that theembodiments shown and described herein are only illustrative of thepresent invention and that those skilled in the art may implementvarious modifications without departing from the scope and spirit of theinvention. Those skilled in the art could implement various otherfeature combinations without departing from the scope and spirit of theinvention. Having thus described aspects of the invention, with thedetails and particularity required by the patent laws, what is claimedand desired protected by Letters Patent is set forth in the appendedclaims.

What is claimed is:
 1. A method of load balancing tasks on a network,the method comprising: receiving, by a base station, a plurality oftasks from a plurality of user devices, each of the plurality of tasksinvolving a respective one of multiple sets of jobs; generating, by aload balancer responsive to receiving the plurality of tasks from thebase station, task allocations for the plurality of tasks; performing,by a set of worker entities, the plurality of tasks in accordance withthe task allocations; and wherein a unique task ID is generated for andassigned to each of the plurality of tasks, from which a task allocationis generated by the load balancer, and wherein the task allocations forthe plurality of tasks are generated such that all the jobs receivedfrom a respective same one of the plurality of user devices are assignedto a same one of the worker entities in the set.
 2. The method of claim1, wherein the unique task ID for each of the plurality of tasks isgenerated using a randomization function, the randomization functioncomprising: binding an input sequence into a first segment, a secondsegment, and a third segment; forming a first new segment by performing(i) an operation with the second segment and the third segment, (ii) afirst one way function on a key and an output from the operation, and(iii) the operation with the first segment and an output from the oneway function; forming a second new segment by performing (i) a secondone way function with the first segment and the key, and (ii) theoperation with the second segment and output of the second one wayfunction; forming a third new segment by performing (i) the second oneway function with the third segment and the key, and (ii) the operationwith the second segment and output of the second one way function; andforming an output sequence by combining the first new segment, thesecond new segment, and the third new segment.
 3. The method of claim 2,wherein the operation includes a logical exclusive OR operation.
 4. Themethod of claim 2, wherein the operation includes a mathematicaloperation selected from the group consisting of modulo multiplicationand modulo division.
 5. The method of claim 2, wherein the randomizationfunction is selectively iteratively repeated based on one or morecriterion, such that the output sequence of a particular iteration ofthe randomization function is the input sequence for a followingiteration of the randomization function.
 6. The method of claim 5,wherein the following iteration of the randomization function uses adifferent key.
 7. The method of claim 1, wherein the unique task ID foreach of the plurality of tasks is generated using a randomizationfunction, wherein the randomization function comprises a set ofiterations selectively performed based on one or more criterion, whereinthe randomization function uses a round function, an input sequence, anda key to generate an output sequence, such that the output sequence of aparticular one of the iterations is the input sequence of a subsequentone of the iterations, and wherein the round function is configured toprevent recovery of a partial input sequence through an invertiblefunction using a partial output sequence and the key.
 8. The method ofclaim 1, wherein the allocating the plurality of tasks amongst the setof worker entities uses a digest of task identifiers to assign all thejobs received from a respective same one of the plurality of userdevices to the same one of the worker entities in the set.
 9. The methodof claim 1, wherein the unique task ID for each of the plurality oftasks is generated using a common token associated with each of theplurality of tasks.
 10. The method of claim 1, wherein a given one ofthe worker entities generates the unique task ID for any of theplurality of tasks allocated to the given one of the worker entities,responsive to the any of the plurality of tasks being allocated to thegiven one of the worker entities without the unique task ID beinggenerated by the load balancer.
 11. The method of claim 10, wherein theunique task ID is generated based on a unique worker entity ID.
 12. Themethod of claim 10, wherein the worker entity generates the unique taskID for assignment from within a set of possible task IDs assigned to theworker entity.
 13. The method of claim 1, wherein the unique task ID foreach of the plurality of tasks is generated based on a user device ID.14. A network system, comprising: a base station for receiving aplurality of tasks from a plurality of user devices, each of theplurality of tasks involving a respective one of multiple sets of jobs;a set of worker entities for performing the plurality of tasks; a loadbalancer for receiving the plurality of tasks from the base station andallocating the plurality of tasks amongst the set of worker entitiessuch that all the jobs received from a respective same one of theplurality of user devices is assigned to a same one of the workerentities in the set; and wherein a unique task ID is generated for andassigned to each of the plurality of tasks, from which a task allocationis generated by the load balancer.
 15. The network system of claim 14,wherein the unique task ID for each of the plurality of tasks isgenerated using a randomization function, the randomization functionbeing configured to: bind an input sequence into a first segment, asecond segment, and a third segment; form a first new segment byperforming (i) an operation with the second segment and the thirdsegment, (ii) a first one way function on a key and an output from theoperation, and (iii) the operation with the first segment and an outputfrom the one way function; form a second new segment by performing (i) asecond one way function with the first segment and the key, and (ii) theoperation with the second segment and output of the second one wayfunction; form a third new segment by performing (i) the second one wayfunction with the third segment and the key, and (ii) the operation withthe second segment and output of the second one way function; and forman output sequence by combining the first new segment, the second newsegment, and the third new segment.
 16. The network system of claim 15,wherein the unique task ID is generated by the load balancer.
 17. Thenetwork system of claim 15, wherein the unique task ID is generated byone of the worker entities in the set.
 18. The network system of claim17, wherein one of the worker entities assigns the task to another oneof the worker entities.
 19. The network system of claim 15, wherein therandomization function is selectively iteratively repeated based on oneor more criterion, such that the output sequence of a particulariteration of the randomization function is the input sequence for afollowing iteration of the randomization function.
 20. The networksystem of claim 19, wherein the following iteration of the randomizationfunction uses a different key.